Free DISA STIG and SRG Library | Vaulted

V-81635

The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Finding ID
AOSX-13-000570
Rule ID
SV-96349r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-OS-000112-GPOS-00057
CCI
CCI-002450
Target Key
(None)
Documentable
No
Discussion

Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. Satisfies: SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058, SRG-OS-000396-GPOS-00176

Fix Text

To ensure that "Protocol 2" is used by sshd, run the following command: /usr/bin/sudo /usr/bin/sed -i.bak 's/.*Protocol.*/Protocol 2/' /etc/ssh/sshd_config

Check Content

To check which protocol is configured for sshd, run the following: /usr/bin/sudo /usr/bin/grep ^Protocol /etc/ssh/sshd_config If there is no result or the result is not "Protocol 2", this is a finding.